Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote malicious users to read arbitrary files via a .. (dot dot) in the route parameter.
opencart opencart 1.1.8